I am considering installing FDE on my laptop, but one thing that is making me hesitant is the fear that it could become corrupt, and then I'd lose EVERYTHING?! :eek: (People always tell me "Don't worry", but over my lifetime, it seems like technical things always end up breaking in my life?!)

If I was running FDE on my laptop, is there a way I could periodically do an "Unencrypted Backup" to another disk? (That way if my main drive went haywire, I would at least have a "normal" version of things?!)

Hope that makes sense?!

Sincerely,

Debbie

Jeff_Mott
—
2013-03-15T22:57:59Z —
#2

You can create an unencrypted backup the same way you would a normal backup. If you copy files to an external hard drive, they copy as normal, unencrypted files. That being said, I wouldn't recommend it. FDE seems pointless if you keep an unencrypted version right next to your computer. Personally, I have FDE on both my computer and on my external backup drive. That way my data is secure, and the only way I could lose everything is if both drives became irrecoverably corrupted at the same time.

DoubleDee
—
2013-03-17T14:22:59Z —
#3

Jeff_Mott said:

You can create an unencrypted backup the same way you would a normal backup. If you copy files to an external hard drive, they copy as normal, unencrypted files.

I thought there were different types of encryption, and in some schemes, once files are encrypted, they can only be viewed when the software decrypts them? (It seems to me that one of my former clients gave me a laptop which did that, so if a contractor ever decided to steal company secrets, they couldn't...)

That being said, I wouldn't recommend it. FDE seems pointless if you keep an unencrypted version right next to your computer.

Well, that largely depends on my OP...

Also, I don't see where having a decrypted version is bad if you keep it locked away, say, in a safe.

Personally, I have FDE on both my computer and on my external backup drive. That way my data is secure, and the only way I could lose everything is if both drives became irrecoverably corrupted at the same time.

Well, that is probably the more important question to ask (and answer) then...

What kinds of things could corrupt a hard-drive with FDE so that the data is not recoverable??

Would it be something that happens outside of the hard-drive like on your motherboard?

Would it be a failure of some circuitry on the hard-drive itself?

Would it be due to classic "software corruption"?

Something else?

Thanks,

Debbie

Jeff_Mott
—
2013-03-17T16:18:29Z —
#4

DoubleDee said:

I thought there were different types of encryption, and in some schemes, once files are encrypted, they can only be viewed when the software decrypts them? (It seems to me that one of my former clients gave me a laptop which did that, so if a contractor ever decided to steal company secrets, they couldn't...)

I'm not familiar with that kind of scheme. I use PGP at work and TrueCrypt at home, and neither behaves like that.

The laptop that your client gave you... was it unable to copy files to a flash drive? Unable to upload e-mail attachments?

DoubleDee said:

Also, I don't see where having a decrypted version is bad if you keep it locked away, say, in a safe.

If you keep it locked in a safe, then sure, that could be fine.

DoubleDee said:

Well, that is probably the more important question to ask (and answer) then...

What kinds of things could corrupt a hard-drive with FDE so that the data is not recoverable??

Would it be something that happens outside of the hard-drive like on your motherboard?

Would it be a failure of some circuitry on the hard-drive itself?

Would it be due to classic "software corruption"?

Something else?

Thanks,

Debbie

An encrypted hard drive could become corrupted the same way as an unencrypted hard drive -- if a sector goes bad and becomes unreadable. Encrypted or not, you would lose just that one sector. The only time it would be worse with an encrypted drive is if the sector that goes bad happens to be the spot on the drive where the keys are stored.

DoubleDee
—
2013-03-17T16:55:31Z —
#5

Jeff_Mott said:

I'm not familiar with that kind of scheme. I use PGP at work and TrueCrypt at home, and neither behaves like that.

The laptop that your client gave you... was it unable to copy files to a flash drive? Unable to upload e-mail attachments?

This was several years ago, and I don't remember the specifics, but it just seems to me that if you didn't have the proper software, then the files you were working on wouldn't work (e.g. if you e-mailed home a document you shouldn't have).

I could be totally wrong on this, though.

An encrypted hard drive could become corrupted the same way as an unencrypted hard drive -- if a sector goes bad and becomes unreadable. Encrypted or not, you would lose just that one sector. The only time it would be worse with an encrypted drive is if the sector that goes bad happens to be the spot on the drive where the keys are stored.

So as I understand things, software FDE works by encrypting nearly all data on a hard-drive (except for some Boot-Sector files) while the data is "at rest".

That means that when your computer is off, everything on your HDD should be safe.

But when your computer is on (i.e. "data in motion"), all of the files and data on your HDD are fully accessible just like they would be on an un-encrypted HDD. And therefore, if you were working on a HDD with FDE, and you decided to e-mail a "Top Secret" document to yourself at home, then when you got home and checked your e-mail, that "Top Secret" document would be fully accessible at all times just like if it were never encrypted at all.

Is that correct?

Now, to your point above, here is how I understand things...

1.) If you had a HDD with software FDE, and one of the "sectors" that held the encryption tables went bad, your entire HDD would be useless.

2.) If you had a HDD with hardware FDE, and the microchip that held the encryption tables went bad, your entire HDD would be useless (unless you could somehow replace that microchip).

I'm not sure how likely either of those scenarios would be, but I guess it still makes me apprehensive about using FDE on my entire life?! :eek:

If you can indeed back things up onto another HDD in either an un-encrypted form, OR you can make a backup that also uses FDE, but would be completely independent of what happens on the original HDD, then I suppose you'd be just as safe as if you weren't using FDE, but who knows?! :-/
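
Added example (not part of the original thread, and not code from any FDE product): a toy Python model of the failure cases discussed in posts #4 and #5, showing that a bad data sector costs only that sector, that a damaged key-storage area makes every sector unreadable, and that a separately kept copy of that area restores access. The header layout, the HMAC-based keystream (a stand-in for a real sector cipher), the passphrase and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

SECTOR = 512
PW = "constructed-passphrase"  # sample value made up for this example

def stream(key, label, n):
    """HMAC-SHA256 in counter mode: toy stand-in for a real sector cipher."""
    blocks = (hmac.new(key, label + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def kek(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

def make_header(pw, master):
    """Header = salt | master key wrapped under the passphrase | integrity tag."""
    salt = os.urandom(16)
    k = kek(pw, salt)
    wrapped = xor(master, stream(k, b"wrap", 32))
    return salt + wrapped + hmac.new(k, wrapped, hashlib.sha256).digest()

def open_header(pw, header):
    """Return the master key, or None if the header is damaged or pw is wrong."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    k = kek(pw, salt)
    if not hmac.compare_digest(tag, hmac.new(k, wrapped, hashlib.sha256).digest()):
        return None
    return xor(wrapped, stream(k, b"wrap", 32))

def crypt_sector(master, i, data):
    """Each sector has its own keystream, so sectors decrypt independently."""
    return xor(data, stream(master, b"sector" + i.to_bytes(8, "big"), len(data)))

def recoverable(header, disk, plain):
    """Indices of sectors that still decrypt to their original contents."""
    master = open_header(PW, header)
    return [i for i, s in enumerate(disk)
            if master and crypt_sector(master, i, s) == plain[i]]

def demo():
    master = os.urandom(32)
    plain = [bytes([i]) * SECTOR for i in range(8)]   # constructed sample data
    header = backup = make_header(PW, master)         # backup: copy kept off the drive
    disk = [crypt_sector(master, i, p) for i, p in enumerate(plain)]
    disk[3] = bytes(SECTOR)                           # one data sector goes bad
    one_bad_sector = recoverable(header, disk, plain)
    header = bytes(len(header))                       # the key-storage area goes bad
    return one_bad_sector, recoverable(header, disk, plain), recoverable(backup, disk, plain)
```

`demo()` returns the recoverable sector indices for the three cases in order: one bad data sector, a destroyed header, and the header restored from its backup copy.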